Given that the security architecture augments the outputs of information assurance, enterprise architecture, systems and software design, development and so on, it makes sense that no standard definition exists for a security architecture life cycle. Rather, security architecture activities need to align to the life cycles and working practices of these and other disciplines.

All the same, the process of taking an organisation from a ‘non-security-architected’ to a ‘security-architected’ state can benefit from a level of formalisation (and indeed, does follow a life cycle of sorts). The stages of process enable the architect to gain an understanding of the problem space, define appropriate security ...

Get Security Architect: Careers in information security now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.